move ADV_UPD_EXT.2 to FPT_TUD_EXT.1 - security update behavior

commoncriteria / application

Protection Profile for Application Software

The Unlicense

9 stars 3 forks source link

move ADV_UPD_EXT.2 to FPT_TUD_EXT.1 - security update behavior #101

Closed jeffblank closed 10 years ago

jeffblank commented 10 years ago

We should move this extended SAR into an SFR, as it relates to the functionality of the update. (Rather, ensures that the update does not alter functionality in undesirable/unknown ways.)

bourdett commented 10 years ago

Removed ADV_UPD and Add ALC_TSU

here is what is left that we may want to work in someplace else:

Application updates must not change the security properties or configuration of the product without publically disclosing or specifically notifying the user of the specific changes.

The description shall include a supporting their applications with updates for a publicly documented period of time.

zsmi commented 10 years ago

Attempted to finish this by adding the following SAR:

ALC_TSU_EXT.1.2D The developer shall provide a description in the TSS of how users are notified when updates change security properties or the configuration of the product.

If this looks good then we can close this issue.